| View previous topic :: View next topic |
| Author |
Message |
concerned
Guest
|
 Posted: Tue Mar 18, 2003 4:21 pm Post subject: open port 110 |
|
|
 Benign is holding open port 110. This is enough of a concern for me not to use this otherwise excellent bit of software. For a full explanation care of grc.com go to
http://grc.com/faq-shieldsup.htm#NAV2K |
|
| Back to top |
|
 |
Paul
Admin
Joined: Feb 22, 2002
Posts: 5719
Location: USA
|
| Posted: Tue Mar 18, 2003 4:50 pm Post subject: |
|
|
The ideal solution is to hold the port open locally and not on the public interface. Did you scan your system using our tools to determine if port 110 is open?
And if its open, is it so because you haven't locked it down in your firewall?
_________________
I love my wife. |
|
| Back to top |
|
|
Aart
Guest
|
| Posted: Tue Mar 18, 2003 4:56 pm Post subject: Re: open port 110 |
|
|
| concerned wrote: |
Benign is holding open port 110. This is enough of a concern for me not to use this otherwise excellent bit of software. For a full explanation care of grc.com go to
http://grc.com/faq-shieldsup.htm#NAV2K |
When you use Norton Internet Securety its is safe to have a open port 110. Try the portscan of Norton. Its open yes, but safe.
|
|
| Back to top |
|
|
Wayward
Lieutenant
Premium Member
Joined: Mar 16, 2003
Posts: 299
Location: USA
|
| Posted: Tue Mar 18, 2003 5:01 pm Post subject: |
|
|
Paul and Concerned ...
 I just used the Gibson Research Shields Up program to confirm that Benign does seem to hold the POP3 Port 110 open. http://grc.com/
I use AVG Anti-Virus with the AVG Personal E-Mail Scanner. With that configuration the port is closed. When B9 is added to the mix, the port is open. I'm no expert, but it doesn't seem like a good thing ...
Commnets / thoughts welcome.
_________________
Wayward |
|
| Back to top |
|
|
Paul
Admin
Joined: Feb 22, 2002
Posts: 5719
Location: USA
|
| Posted: Tue Mar 18, 2003 5:08 pm Post subject: |
|
|
Just as a sanity check use our online nmap scanner.
_________________
I love my wife. |
|
| Back to top |
|
|
core
Guest
|
| Posted: Tue Mar 18, 2003 5:24 pm Post subject: It's open but the service is blocked |
|
|
Try actually connecting to it from an external IP address - it prints this message:
-ERR Connections are allowed only from the local host (xxx.xxx.xxx.xxx is not a local address)
Connection closed by foreign host.
So the port seems to be open but B9 drops the connection - so it's safe. |
|
| Back to top |
|
|
Barru
Cadet
Premium Member
Joined: Mar 13, 2003
Posts: 9
Location: USA
|
| Posted: Tue Mar 18, 2003 5:27 pm Post subject: |
|
|
| I've got Benign running on port 110 and it doesn't show up in either Gibson's port scan or the port scan on this site. I'm using WinProxy, which was a pain to get configured correctly, but seems to do a good job running my computer in stealth mode and works great to share my network connection now that it's configured. |
|
| Back to top |
|
|
Paul
Admin
Joined: Feb 22, 2002
Posts: 5719
Location: USA
|
| Posted: Tue Mar 18, 2003 5:39 pm Post subject: |
|
|
Thanks Barru, that's what I was hoping for. So it seems concerned's firewall configuration isn't proper. I'm getting a copy of B9 & MW this week, so I'll be able to start helping out more with both.
_________________
I love my wife. |
|
| Back to top |
|
|
troy16d
Guest
|
| Posted: Tue Mar 18, 2003 6:04 pm Post subject: |
|
|
here is the result I got from sheilds up
110
POP3
Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
With Benign running |
|
| Back to top |
|
|
saddadbadhad
Cadet
Joined: Mar 18, 2003
Posts: 2
Location: UK
|
| Posted: Tue Mar 18, 2003 6:24 pm Post subject: |
|
|
Open and safe??? I'm not so sure. If port 110 appears to be open then its visible and therefore vulnerable. I've tried different rules with local and remote ports - I'm using Sygate personal Firewall. Using GRC Shields Up, UDP port scanner or nmap port scanner I get the same results: port 110 is open!
As for configuring firewalls - I thought Benign was
| Quote: |
| so simple to set up |
?
The method of holding open port 110 has already been discredited and is no longer used by Symantec. Take a look at these articles
http://grc.com/faq-shieldsup.htm#NAV2K
http://www.bugnet.com/alerts/bugalert_122299.htm
|
|
| Back to top |
|
|
Paul
Admin
Joined: Feb 22, 2002
Posts: 5719
Location: USA
|
| Posted: Tue Mar 18, 2003 7:20 pm Post subject: |
|
|
The question is why are some folks able to stealth it and not others?
_________________
I love my wife. |
|
| Back to top |
|
|
stevek
Guest
|
| Posted: Wed Mar 19, 2003 5:51 am Post subject: |
|
|
| So what is everyone saying...!!! That B9 should only be run while you are actually dealing with e-mails, then should be closed down...?????? |
|
| Back to top |
|
|
troy16d
Guest
|
| Posted: Wed Mar 19, 2003 6:26 am Post subject: |
|
|
| Maybe it's the OS I'm running Win XP Pro all of my ports are showing stealh on sheilds up |
|
| Back to top |
|
|
Paul
Admin
Joined: Feb 22, 2002
Posts: 5719
Location: USA
|
| Posted: Wed Mar 19, 2003 7:31 am Post subject: |
|
|
| stevek wrote: |
| So what is everyone saying...!!! That B9 should only be run while you are actually dealing with e-mails, then should be closed down...?????? |
Oh not at all. You see in your firewall configuration you should be able to allow it to listen on the local port, but not on the public port. All firewalls have the ability to set it for local or public connections.
_________________
I love my wife.
|
|
| Back to top |
|
|
saddadbadhad
Cadet
Joined: Mar 18, 2003
Posts: 2
Location: UK
|
| Posted: Wed Mar 19, 2003 11:52 am Post subject: |
|
|
 I've now managed to configure my firewall properly!!!
Now I get "stealthed" results on port 110. I simply (after a good nights sleep!) went to Sygates web site and read the instructions. Hmmm... |
|
| Back to top |
|
|
|
|
You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0.
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
